AWS Elastic Beanstalk - User Resolution Issues
I am trying to set up our Node.js application to deploy with Amazon Elastic Beanstalk.
Actually I made several config files inside .ebextensions to enable websites, doing yum installations for multiple modules and installing whatever special software we need.
While the application deployment is running and all configured software is installed Beanstalk.
The problem is that the nodejs user who runs the node app does not have permission to execute the command line tools set by our custom beanstalk config.
To be more specific:
-
The application supports uploading user files and saved files to some temp folder on the instance (which works as it should).
-
The application then does a command line execution to convert the downloaded file to a custom file format, something like something like / home / ec 2-user / converter / bin convert the filename to a file.
At this point I get this error: {[Error: spawn EACCES] code: "EACCES", errno: "EACCES", syscall: "spawn"}
In general, the application requires several command line tools to perform such conversion tasks. In fact, they all have the same problem. Even the tools installed by yum like Imagemagick are not executed by the application.
Manually using the ec2-user account I can accomplish all of this, all files are on the correct system tracks and they work fine. Therefore, all installations are working correctly.
I already tried to grant permissions to the nodejs user manually and did chmod the files, but that doesn't seem to have any effect here.
The big question is, how can I grant the required permissions for the nodejs user, or alternatively, how can I use a specific user to execute Node.js?
source to share
I believe the user nodejs
has no privileges to use the shell:
[ec2-user@host ~]$ cat /etc/passwd
....
nodejs:x:497:497::/tmp:/sbin/nologin
As per the docs node runs a command in a shell and returns it .
I've also tried:
[ec2-user@host ~]$ pwd
/home/ec2-user
[ec2-user@host ~]$ cat test.js
#!/opt/elasticbeanstalk/node-install/node-v0.10.31-linux-x64/bin/node
require('child_process').exec('/usr/bin/whoami', function (err, data) {
console.log(data);
});
[ec2-user@host ~]$ ls -l
total 4
-rwxrwxrwx 1 ec2-user ec2-user 169 Nov 3 21:49 test.js
[ec2-user@host ~]$ sudo -u nodejs /home/ec2-user/test.js
sudo: unable to execute /home/ec2-user/test.js: Permission denied
I'll say it works, which I was confused about (maybe someone can talk to clarify):
$ sudo -u nodejs /usr/bin/whoami nodejs
HOWEVER, as an outside observer, it looks like Beanstalk is not right for you. Typically, Beanstalk is a completely manageable abstraction through design and tinkering with filesystem permissions and user rights exceeding those boundaries.
As an aside, you might want to switch to OpsWorks instead . From http://aws.amazon.com/opsworks/faqs/ :
Q: How is AWS OpsWorks different from AWS Elastic Beanstalk?
AWS OpsWorks and AWS Elastic Beanstalk focus on operations, but with very different orientations. AWS Elastic Beanstalk strives to automatically enforce operations with key operations so that developers can increase development time and minimize time spent on operations. In contrast, AWS OpsWorks provides an integrated experience for ops-minded IT administrators and developers who want high performance and control over operations.
source to share
Finally I found a solution:
Beanstalk uses ec2 account to run bash commands. Therefore, everything installed using the command line cannot be executed by the nodejs user account due to permission conflicts.
The solution was to copy all installed tools to / usr / local / bin where they can be executed by any user.
07_myprogram:
command: sudo cp bin/* /usr/local/bin
cwd: /home/ec2-user/myprogram
ignoreErrors: true
source to share